"Unlock the Secrets of Data Privacy Interviews - You Won't Believe What They Ask!"
Summary
TL;DR: In this session, Prabh Nair discusses common interview questions for data privacy jobs, providing valuable insights and answers based on his experience. He emphasizes understanding privacy, the difference between privacy and secrecy, and key requirements for privacy compliance. Prabh also covers essential steps for GDPR compliance, creating privacy policies, and responding to privacy breaches. This video aims to help viewers prepare for interviews and enhance their knowledge of data privacy practices. For more details, Prabh invites viewers to connect on LinkedIn and subscribe to his YouTube channel for future updates.
Takeaways
- Introduction: Prabh Nair hosts a session on interview questions frequently asked in data privacy jobs.
- Prabh emphasizes the importance of understanding privacy, explaining that privacy is a state where information is not observed or disturbed by others.
- Privacy vs. Secrecy: Privacy relates to individual information, while secrecy pertains to organizational information.
- Privacy Compliance: The most important requirement is to understand regulatory and business requirements, appoint a data protection officer, create a privacy program, and conduct privacy impact assessments.
- Privacy Program Management: A comprehensive approach to establish, implement, and continually improve an organization's privacy program to ensure compliance with data privacy regulations.
- Creating a Privacy Policy: Understand business and legal requirements, define scope, types of collected information, sharing policies, retention periods, and include review and exception processes.
- Responding to Privacy Breaches: Steps include containing the breach, evaluating risks, notifying authorities, and implementing remediation plans.
- GDPR Compliance: High-level steps include updating data consents and implementing transparency documentation; detailed steps include data mapping, consent management, and privacy policy development.
- Data Privacy Risk Assessment: Steps include defining the scope, identifying personal data, evaluating existing controls, identifying gaps, prioritizing remediation, and monitoring.
- Importance of Data Privacy: Protects personal information from unauthorized access, maintains trust, and ensures ethical data use.
Q & A
Who is the presenter of the session and what is the primary focus of their YouTube channel?
-The presenter is Prabh Nair, and the primary focus of his YouTube channel is to provide value to his clients, stakeholders, and subscribers by sharing information, particularly on interview questions related to data privacy jobs.
What is the initial question discussed in the session, and what is its significance in an interview context?
-The initial question discussed is 'Can you tell me about what is privacy?' This question is significant in an interview context as it helps to understand the candidate's thought process and psychology regarding privacy, which is crucial for handling complex privacy solutions.
How does Prabh Nair define privacy in his response?
-Prabh Nair defines privacy as a state of information where one is not observed or disturbed by others. He uses the example of medical records, which should be kept private to avoid misuse by third parties. He also mentions that privacy is considered a fundamental right in some countries.
What is the difference between privacy and secrecy as explained by Prabh Nair?
-Privacy is related to information concerning individuals, such as personal data and medical records. Secrecy, on the other hand, pertains to information related to organizations, such as internal business processes and trade secrets.
What are the key steps mentioned by Prabh Nair for ensuring privacy compliance?
-The key steps for privacy compliance include understanding regulatory and business requirements, appointing a Data Protection Officer, creating a privacy program management system, developing a privacy policy, and conducting Privacy Impact Assessments (PIA).
How does Prabh Nair describe the process of Privacy Impact Assessment (PIA)?
-Prabh Nair describes PIA as a process that involves identifying and assessing privacy risks associated with new projects or changes in existing processes. It helps in understanding what privacy requirements are needed and identifying gaps in the current system.
What is the importance of having a Privacy Program Management system?
-A Privacy Program Management system is important because it is a comprehensive approach to privacy and data protection, helping organizations minimize privacy breaches, address underlying problems, and comply with data privacy regulations effectively.
What are some critical steps for GDPR compliance according to Prabh Nair?
-Critical steps for GDPR compliance include data mapping, developing and implementing privacy policies, managing consents, conducting PIA, establishing data subject rights, ensuring data breach notifications, vendor compliance, training and awareness programs, and appointing Data Protection Officers.
How should an organization respond to a privacy breach as per the session?
-An organization should respond to a privacy breach by first containing the breach, evaluating the associated risks, notifying the necessary parties as per legal requirements, performing remediation, and learning from the incident to prevent future breaches.
What are the essential elements of creating a privacy policy?
-Essential elements of creating a privacy policy include understanding business and legal requirements, defining the scope and statement, including business names and contact information, detailing the type of information collected, specifying data collection procedures, addressing data sharing with third parties, and defining data retention periods. Policies should also be reviewed annually or after major business changes.
Outlines
Introduction and Overview
Prabh Nair welcomes viewers to his session, 'Coffee with Prabh,' where he will discuss frequently asked interview questions related to data privacy jobs. He introduces himself, mentions his role as a chief instructor at InfoSecTory, and encourages viewers to subscribe to his YouTube channel for more valuable content. He emphasizes the value he aims to provide to his clients, stakeholders, and subscribers.
Defining Privacy
Prabh explains the concept of privacy in response to a common interview question. He describes privacy as a state of information where an individual is not observed or disturbed by others, using medical records as an example. He highlights the importance of privacy as a fundamental right in some countries, essential for human dignity and the foundation of other human rights. Prabh contrasts privacy with secrecy, explaining that privacy relates to individual information, while secrecy pertains to organizational information.
Privacy Compliance Requirements
Prabh discusses the importance of understanding regulations and business requirements for privacy compliance. He uses examples of GDPR, HIPAA, and other regulations to illustrate the need for compliance. He outlines the steps for achieving compliance: understanding requirements, appointing a Data Protection Officer, creating a privacy program management system, drafting a privacy policy, and conducting Privacy Impact Assessments. These steps help organizations maintain privacy protection and comply with legal standards.
Privacy Program Management
Prabh explains privacy program management, comparing it to an Information Security Management System (ISMS). He describes it as a comprehensive approach to managing privacy and data protection, minimizing risks and ensuring compliance with regulations. Key steps include establishing the program, conducting privacy risk assessments, developing a privacy management plan, implementing controls, monitoring effectiveness, and providing training and awareness. This systematic approach helps organizations maintain privacy standards and respond to incidents effectively.
Creating a Privacy Policy
Prabh outlines the process of creating a privacy policy, emphasizing the need to understand business and legal requirements. The policy should define its scope, detail the type of information collected, explain data collection procedures, and specify data retention periods. He highlights the importance of regular reviews and updates to the policy, including documenting exceptions and ensuring compliance through training and awareness. A well-crafted privacy policy is crucial for governance and protecting individual data.
Responding to Privacy Breaches
Prabh discusses how to respond to privacy breaches, focusing on containment, risk evaluation, and remediation. He explains the importance of isolating affected systems, assessing the impact, notifying relevant authorities, and developing an incident response plan. Prabh emphasizes the need for a thorough investigation to prevent future breaches and the significance of transparency and communication during a breach. This approach helps organizations manage crises effectively and maintain trust.
Understanding Data Privacy
Prabh explains the significance of data privacy in today's world, highlighting the risks of unauthorized access, identity theft, and misuse of personal data. He emphasizes the importance of protecting personal information to maintain trust in institutions and businesses. Prabh outlines the steps for conducting a data privacy risk assessment, including identifying the scope, evaluating existing controls, identifying gaps, and developing an action plan. Effective data privacy practices ensure compliance and protect individuals' rights.
Steps for GDPR Compliance
Prabh provides a detailed overview of steps required for GDPR compliance. He explains high-level steps such as updating data consents and transparency documentation, as well as detailed steps like data mapping, developing a privacy policy, managing consents, conducting Privacy Impact Assessments, and ensuring vendor compliance. Regular training and the appointment of Data Protection Officers are also crucial. These steps help organizations adhere to GDPR regulations and protect personal data.
Data Privacy Risk Assessment Approach
Prabh describes his approach to performing a data privacy risk assessment, emphasizing the importance of identifying the scope and purpose, evaluating existing controls, and identifying gaps. He outlines the process of developing an action plan to address identified risks and the need for ongoing monitoring and review. This structured approach ensures that organizations can effectively manage data privacy risks and comply with applicable regulations.
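The PIA the session describes is a "have versus need" comparison over the data-mapping inventory. The following is an added Python example (not code from the session or from Prabh Nair) that encodes the GDPR checks listed in the session and runs them over the constructed website scenario from the transcript: a contact-form site that is fine for Canada and is launched for EU visitors over HTTP with no consent and no privacy notice. Record fields, sample values and severities are assumptions.

```python
# Added example: PIA-style gap check over a constructed data-mapping inventory.
# Each ProcessingActivity is one row of the data-mapping step; assess_gdpr_gaps()
# compares what the activity has against the GDPR requirements listed in the session.
from dataclasses import dataclass, field, replace
from typing import Dict, List, Optional

# Categories GDPR treats as special (abbreviated set for illustration).
SPECIAL_CATEGORIES = {"health", "biometric", "genetic", "religion", "ethnicity"}
BREACH_NOTIFICATION_LIMIT_HOURS = 72   # deadline quoted in the session


@dataclass
class Processor:
    """A third-party vendor processing personal data on the organization's behalf."""
    name: str
    dpa_signed: bool   # data processing agreement covering GDPR obligations


@dataclass
class ProcessingActivity:
    """One row of the data-mapping inventory (constructed record layout)."""
    name: str
    data_categories: List[str]
    subject_regions: List[str]                      # where the data subjects are, e.g. ["CA", "EU"]
    legal_basis: Optional[str] = None               # "consent", "contract", "legal_obligation", ...
    consent_captured: bool = False
    privacy_notice_shown: bool = False
    transport: str = "https"                        # protocol the data travels over
    pseudonymized: bool = False
    retention_days: Optional[int] = None
    dsr_process: bool = False                       # access / rectify / erase / restrict / port
    breach_notification_hours: Optional[int] = None # committed notification time, if any
    processors: List[Processor] = field(default_factory=list)


@dataclass(frozen=True)
class Finding:
    control: str
    severity: str
    detail: str


def assess_gdpr_gaps(activity: ProcessingActivity) -> List[Finding]:
    """Return the gaps between what the activity has and what GDPR needs (the PIA)."""
    findings: List[Finding] = []
    if "EU" not in activity.subject_regions:
        return findings   # no EU data subjects: GDPR is out of scope for this activity

    if activity.legal_basis is None:
        findings.append(Finding("legal_basis", "high", "no documented legal basis for processing"))
    elif activity.legal_basis == "consent" and not activity.consent_captured:
        findings.append(Finding("consent", "high", "consent is the legal basis but is not captured"))
    if not activity.privacy_notice_shown:
        findings.append(Finding("privacy_notice", "high", "no privacy notice presented to data subjects"))
    if activity.transport.lower() != "https":
        findings.append(Finding("transport", "high",
                                f"personal data sent over {activity.transport}: information disclosure"))
    special = sorted(SPECIAL_CATEGORIES & set(activity.data_categories))
    if special and not activity.pseudonymized:
        findings.append(Finding("pseudonymization", "medium",
                                f"special categories {special} processed without pseudonymization"))
    if activity.retention_days is None:
        findings.append(Finding("retention", "medium", "no retention period defined"))
    if not activity.dsr_process:
        findings.append(Finding("data_subject_rights", "high", "no process for data subject requests"))
    hours = activity.breach_notification_hours
    if hours is None or hours > BREACH_NOTIFICATION_LIMIT_HOURS:
        findings.append(Finding("breach_notification", "high",
                                f"breach notification not committed within {BREACH_NOTIFICATION_LIMIT_HOURS}h"))
    for vendor in activity.processors:
        if not vendor.dpa_signed:
            findings.append(Finding("vendor_compliance", "medium",
                                    f"processor {vendor.name} has no data processing agreement"))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity so remediation can be prioritized."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


# Constructed scenario from the session: a contact-form website that is fine for Canada
# and is now launched for EU visitors. It runs on HTTP, asks for no consent, shows no notice.
WEBSITE_CA_TO_EU = ProcessingActivity(
    name="contact-form website",
    data_categories=["name", "email", "message"],
    subject_regions=["CA", "EU"],
    legal_basis="consent",
    consent_captured=False,
    privacy_notice_shown=False,
    transport="http",
    retention_days=365,
    dsr_process=True,
    breach_notification_hours=72,
    processors=[Processor("mail-relay", dpa_signed=True)],
)

# The same activity after the remediation plan: HTTPS, consent captured, notice shown.
WEBSITE_REMEDIATED = replace(WEBSITE_CA_TO_EU, consent_captured=True,
                             privacy_notice_shown=True, transport="https")

if __name__ == "__main__":
    for finding in assess_gdpr_gaps(WEBSITE_CA_TO_EU):
        print(f"[{finding.severity}] {finding.control}: {finding.detail}")
    print(summarize(assess_gdpr_gaps(WEBSITE_CA_TO_EU)))   # {'high': 3}
```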
Conclusion and Call to Action
Prabh concludes the session by inviting feedback and encouraging viewers to share the video if they found it useful. He asks if viewers would like more content on data privacy interview questions and other related topics. Prabh emphasizes the effort put into creating the content and reiterates the value of subscribing to his channel for future updates on similar topics.
Keywords
Privacy
Secrecy
Data Privacy Compliance
GDPR
Data Protection Officer (DPO)
Privacy Impact Assessment (PIA)
Privacy Program Management
Personal Data
Consent Management
Data Breach Response
Highlights
Introduction of the session focused on data privacy interview questions.
Emphasis on providing value to clients, stakeholders, and subscribers.
Explanation of what privacy means and its importance.
Difference between privacy and secrecy.
Key requirements for privacy compliance.
Steps to establish a privacy program management.
Detailed process for building and maintaining a privacy program.
Discussion on handling privacy breaches effectively.
Steps to create a comprehensive privacy policy.
Importance of data privacy in the modern world.
Overview of data privacy risk assessment approach.
Explanation of GDPR compliance steps, both high-level and detailed.
Role and importance of Data Protection Officer (DPO).
Regular review and update of privacy policies to ensure compliance.
Encouragement to share the video and subscribe for future content.
Transcripts
Hello team, welcome to my session on Coffee with Prabh, and today we're going to discuss some interview questions which are frequently asked in our data privacy jobs. My name is Prabh Nair, and for more information you can check my LinkedIn profile. These questions I also ask when I basically onboard any consultant for a project, so this video might be useful for you. And if you're new to the channel, do subscribe to my YouTube channel and click on the bell icon to make sure you don't miss my future videos on a similar topic. I also covered the interview prep questions of other job skill sets, so those videos might be useful for you. My primary objective behind this YouTube channel is to just give value to my clients, value to my stakeholders, value to my subscribers, so that they gain information from this particular channel. So without wasting your time, let's start with the first part.

Hello everyone, my name is Prabh Nair and I'm working as a chief instructor at InfoSecTory.
Okay, so we are starting with the first question: can you tell me about what is privacy, or can you tell me more about what is privacy? See, normally in an interview when they ask this question of the candidate, they want to know the thought process of the candidate, okay, what he or she basically perceives about privacy, because it is very important to know the psychology of the candidate, how he takes, how she takes privacy as a subject, okay. Because privacy is a very complex thing when it comes to the solutions and all that, it's a very complex thing, so most interviewers normally ask this question just to understand what visibility the candidate has about privacy.

So if you are going to answer this question, or if I am going to answer this question, this is the normal response I give to the question. So privacy is a state of information in which one is not observed or disturbed by other people. Example: like my medical records. So I have my medical records, okay, I want that information only with me. So I have some medical information, okay, I went for some tests and this is my information, and it is basically associated with me only, so I don't want this information to go outside to any third person, because that is a state of information for me, and I might get disturbed if that information is available to a third party, because he might misuse that information for his personal benefit.

That is why in some countries privacy is a fundamental right, okay, and essential to the freedom and protection of human dignity, and serving as a foundation upon which many other human rights are basically built. So this is how you can present the statement: so if someone asks about what is privacy and why it is important, it's a state of information which is neither observed nor disturbed by other people, and it is a fundamental right in some countries, where it is considered as human dignity, and that is why in some countries we have a dedicated law which basically protects the privacy of an individual.

One more important thing: sometimes in the interview they also ask what is the difference between privacy and secrecy. So privacy is a state of information which deals with the individual, and secrecy is a state of information which deals with the organization. Example: a company has their internal business information, they have their internal trade secrets, so that is called secret information, and the information which is mapped with the individual is basically called privacy. Okay, so let's move to the next interview question.
Okay, the next question is: what is the most important requirement for privacy compliance? By asking this question the interviewer wants to know your experience in the data privacy area, because you know they cannot hire any random consultant to manage privacy, because it is something related to their laws, regulations, business requirements and all that. So they want to know your experience, they want to know your knowledge of that particular area. So this is how I basically craft this question; that's why we have raised this question, what is the most important requirement for privacy compliance, and as a client I will definitely ask this question of a candidate.

So the answer is: first, understand the regulation and business requirement, because if you want to start building any kind of privacy system in the organization, we will definitely need to know, okay, what are the current requirements we have, what is the business requirement we have. Let's take an example: I joined one European-based company, okay, so this is the company, we have company A. So I joined this company, so I need to make sure that, okay, the company should be compliant with the GDPR. Or they have a customer in the U.S., so I need to be compliant with HIPAA, I need to be compliant with GLBA, or if I'm basically serving any kind of customer in Canada I need to be compliant with PIPEDA and all that. So the first thing, in order to comply (comply basically means the act of abiding), so in order to comply with GDPR, comply with HIPAA and all that, I need to first understand the requirement. Simple logic: like if I'm going to someone's house I need to know the rules and regulations of the house, right? That is how I get the respect and that is how I get my safety and security. Same like as a company, if I'm basically operating in a particular region I need to know the business requirement, I need to know the regulatory requirement of that particular region, okay. Now if GDPR says that, okay, you need to process data with pseudonymization, so I need to make sure whatever data is being processed in the EU, it should be done with pseudonymization. If GLBA is saying that tomorrow you need to keep the data, the address, in encrypted order, I will keep the data in encrypted order. So before implementing the encryption and all that, I need to know what is the requirement. So that is why that is the first step, so when you're going to explain it in this way you build confidence in the interviewers: this guy has knowledge.

So the second step: appoint the Data Protection Officer. In some cases we need to have a Data Protection Officer; he just acts like a data steward who understands the business requirement and maps the business requirement with the legal requirements, and he or she will be the person who will basically talk about what is the requirement we need to comply with for privacy. Okay, the third most important thing: we need to create a privacy program management, because it includes all the controls, procedures and everything by which we basically maintain the privacy protection. And then we basically create a privacy policy, which basically captures the intent of the management, because if you want to enforce any kind of privacy practices in the organization it needs to be driven through a privacy policy. And then finally we conduct the privacy impact assessment, which is basically all about what we basically have and what we need to achieve. So privacy impact assessment is just like a gap assessment to identify the level of privacy requirement we have in the process and what we currently have. So this is the process we follow by which we can comply with any privacy requirement. Let's move to the next interview question.
Okay, the next interview question is: what is privacy program management? A frequent question asked in the exam. See, the way we create a management system, ISMS, information security management system, which basically talks about all the information security controls to protect the data and all that, same like when we're building a privacy concept, privacy engineering, in the organization, it has a set of controls, okay, and that set of controls is organized in one particular system, and that system is called privacy program management. So privacy program management is a frequent question which is, you know, asked in the jobs and all that, so how do you basically respond to that? So it is basically a comprehensive approach to privacy and data protection that is essential for all agencies, enterprises and other organizations that handle personal data, and it minimizes the risk of privacy breaches, maximizes the ability to address the underlying problems, reducing the damage arising from a breach. So in layman's terms, let's understand: see, a privacy program is all about, you can say, it's all about establishing, implementing and continually improving an organization's privacy program to ensure we can basically comply with the applicable data privacy regulations. So the way we have ISMS, information security management system, which basically includes all the controls and practices, same like I want to comply with privacy regulation, I want to comply with privacy requirement, so how to do that? So we basically build a system in which the policies are there, controls are there, and that concept is basically called privacy program management.

Now sometimes what happens, the interviewer also asks what are the steps basically required for effective privacy program management. So in that the first step is basically establish the privacy program; that is the first step, establish the privacy program, okay, where we establish the program that defines the organization's approach to data privacy, sets out the policy, procedures, process for managing personal data. Then the second step is basically we conduct the PIA, privacy impact assessment or privacy risk assessment, where we perform the risk assessment to identify the potential privacy risk to the organization's personal data that is processed. And then the third step is basically called develop the privacy management plan. So this is where we develop the privacy management plan that outlines the organization's strategy for mitigating privacy risk and compliance with the applicable data or any regulatory requirement, and this plan should include all the privacy controls, process and procedure. So that is what the privacy management program is all about: it includes the controls that we need to apply, includes the processes, and most important, includes the procedure. And then once we create that, the next thing we have to do is we need to implement the privacy controls. Implement privacy control: so implementing the privacy control is all about identifying the privacy management plan, and this includes implementing technical controls such as encryption, access control and all that. And once you basically implement the control, the next thing we have to do is the monitor. Monitor is basically all about monitoring the effectiveness of the plan, including your privacy controls, process, to ensure, you know, ongoing compliance with the applicable data privacy regulations we have. Then we need to have an incident response plan, where we develop and implement the incident response plan to respond to the privacy incidents, and we need to train people on the privacy activity. So in summary: establish the privacy program, then conduct the PIA, then develop the privacy management system, then implement the privacy control, then monitor, and then we have train and review. So this is how you basically build the privacy management system in the organization. So it includes a set of activities, it includes the set of controls, process and procedure we talked about, how to maintain the data privacy in the organization.
Okay, let's move to the next interview question. As I said, sometimes the interviewer tries to confuse you with very basic questions, because you should be good in basics, and this is what the basic question is: what is the difference between privacy versus secrecy? So privacy is a state of information that deals with the individual, like your PII, your health records, WhatsApp chats and all that, okay, which is something related to you as an individual, and secrecy is a state of information which deals with the enterprise, example like a company's business process and all that. So that is the thin-line difference we have between privacy and secrecy. So let's move to the next interview question.
Okay, the next question is: what are the important steps required for GDPR compliance? Now here I basically divided the response into two parts: one is very high level and one is basically detail level. Now sometimes what happens, the interviewer basically asks this question a different way. Example: we already have compliance with other regulations, but you know we don't want to repeat the same steps, so do you know any high-critical steps that we can consider by which we can even directly comply with GDPR? Or, you know, what are the important critical steps required to be compliant with GDPR on a high level? So this is basically where the interviewer tests your experience; they want to know your experience in the GDPR area.

So I have divided the response into two parts, one is very high level and one is very detailed level. So high level is: updating the individual data consents and disclosures. Normally the current process we have is compliant with PIPEDA and all that, but according to GDPR we need to update the consents; the current policies, privacy notices, are compliant with PIPEDA, so we will update all the necessary requirements of GDPR. And third is implement the transparency documentation, okay, whatever the critical documents are required to be compliant with GDPR, I am going to update instead of going from scratch. So those are basically the very high level steps.

But if you want to go in detail then I also have steps for that. Example: the first step is data mapping, okay, where we identify and map all the personal data, okay, which we collect, process, store, including the category of data, location, you know, the legal basis for processing it; that is the first step. Then we basically create a privacy policy; we need to develop and implement the privacy policy, because the privacy policy is the foundation of privacy governance, okay. Always remember, any kind of system or program you want to introduce in the organization, first we need to create a policy for that, so policy is the law and order of the company, okay. So develop and implement the policy that informs individuals about how their data is collected, how it's going to be processed and how it's going to be shared. Then the third important thing, we need consent management, where we need to establish the processes to obtain and manage the consent from the individual for collecting, processing, storing the personal data, how you're going to process the data, so that is required. And then once we have all these things, on that I need to identify the gaps, and that is basically where the PIA comes into the picture. PIA is one of the most important parts of the privacy management system, because it conducts the assessment: they identify the risk, they mitigate the privacy risk associated with the new project or changes in the existing process. Let's take an example where a company is already compliant with other regulations, and now this company is planning to onboard a new project from the EU, so they will try to understand what are the requirements of this business, okay, what current controls we have and how we can basically comply with the GDPR. So let's take an example: we have a website which is basically collecting a set of information from Canada, and our website is compliant for Canada. Now we are planning to launch this website in Europe, so I need to see what set of requirements we need in the website, okay, so that we can comply with the GDPR. Okay, so we identify the risk: oh, there's no consent mentioned, there's no privacy notice mentioned; this is how we did the PIA. Okay, so the user wants HTTP; so if I use HTTP there is an information disclosure, so this is against the principle of GDPR. So this is how I'm doing a PIA, so if you give such kinds of examples it builds more confidence.

So PIA is the most important thing. So once you are done with the PIA, the next step is basically data subject rights. So data subject rights is all about, you know, implementing the process to manage the data subject rights, including how we access the data, how they rectify, how they erase the data, restrict the processing, data portability; all these things need to be defined. Then we have data breach notification: in GDPR the mandated breach reporting is 72 hours; in 72 hours you need to report the data breach. So for data breach notification we need to establish the process here to inform the individuals and all that. Sometimes what happens, we onboard vendors also, and we need to make sure the vendors are also compliant with your privacy; vendors should be compliant with GDPR, because at the end of the day you are the one who is accountable to the regulator. So we need to implement the process to ensure the third-party vendors comply with the GDPR requirement when processing the personal data on behalf of the organization. Then we have our training and awareness, where we provide regular trainings to the employees to ensure they understand the GDPR requirement, and then we have a minimum appointment of Data Protection Officers, okay, to oversee the GDPR compliance, and they should serve as a point of contact with the supervisory authority, and regularly audit and review just to make sure we are compliant with all the GDPR requirements. So these are the detailed steps we have by which you can comply with the GDPR. Okay, let's move to the next interview question.
Okay, how are you responding to a privacy breach? Privacy breach, it means whenever any breach happens, how are you going to respond to the breach? Because here the interviewer wants to know your psychology of how you handle a crisis, okay, how good you are in handling the crisis, because if you fail to comply with privacy, or if there is a privacy breach, you need to face regulatory compliance penalties and all that. So here the interviewer wants to know how you basically handle such kind of a situation.

So how are you responding to the privacy breach? So first is contain the breach. Contain the breach, example: if a system is infected with a virus, isolate the system immediately from the network; that is my first priority instead of starting to do troubleshooting there itself. So example like we have a server here, okay, and these servers are basically connected with other servers, so the hacker, example like a hacker hacks into the server and is able to access the data, but I don't want further damage, so isolate the system from the network, that is the first thing, and for that I will first notify the incident response team and they will basically isolate the system immediately from the network, and then we do the further investigation of how they hacked the system. So that is called contain the breach; contain the breach means limit the breach. Second is we will evaluate the risk associated with this breach, okay, what is the level of affected things we have, so example 20% of the data got compromised, so at least we saved 80% of our data here. So we evaluate the risk associated with the breach, okay. Then according to GDPR I need to report the breach, so I will see what is the notification requirement we have, I will basically get it done; the plan, the PR team will be involved in how to craft a message, and then we basically proceed with the remediation, lessons learned: remediation, lessons learned, make sure this incident should not be repeated again in the future. So that is how we basically do the problem management, root cause analysis and all that. So that is how I'm going to respond to the breach. Okay, next interview question.
very good question how to create a
privacy policy here the interviewer how
to create a privacy policy here the
interviewer want to know whether you are
good in writing and all that you you
have a good understanding of governance
and all that so the first step whenever
you're creating a policy is to
understand the business and legal
requirement one thing you need to
understand privacy is a foundation of
any governance okay
management intentions are covered in the
policies okay so example every system
must be protected with the password so
this is the statement come from the
management
so that is a policy so whenever you want
to build a privacy governance privacy
management privacy policy is a mandatory
step because it is created by the
Protection Officer and approved by the
Senior Management and whenever you're
creating a policy make sure a policy
capture all the business and legal
requirement that is a most important and
must as a category
then second is Define the scope and
statement okay like this policy is
basically applicable for which country
or policy application for which branch
or policy application for which business
process so example like we are the
multinational company where we have a
project from Canada we have a project
from us so according to us we need to
create a privacy policy for a U.S
process we need to create a privacy
policy for the gdpr we need to create a
privacy policy for pipda so we need to
Define here is this policy applicable
for which particular area so that is why
the scoping is very important otherwise
it is difficult for the people to follow
it is very important to include your
business names and contact information
so if someone if tomorrow someone is
confused with the policies and all that
there should be a point of contact that
the person can reach out
Mention what type of information you're going to collect. So in the policy it is very important to define what type of information you collect, okay; that's the most important thing. Okay, there are many different ways we collect user information, for example a contact form, cookies, surveys, course registrations, you know, email newsletters. So this is something we need to define; we need to address how you're going to collect and why. So it's very important to define the procedures, okay, because it gives clarity on why we need that. And next, we need to define if user data is shared with a third party; if yes, mention that. And last but not least, for how long you want to collect the data, because this is how you can limit your liability: you have collected data and you're keeping the data in the database, and tomorrow it gets hacked, then you are answerable for that. So define the retention period for how long you're keeping the data, okay. By this way you can limit your liabilities, okay, because we have one simple fundamental: the best way to protect yourself from any kind of compliance issue is to limit the collection of data, okay.

Let's move to the next interview question. Before moving to that, there is one more important thing: the policy needs to be reviewed annually, or in the case of a major change in the business. And when the policy is reviewed annually it needs to be reviewed with a version update, so on the last page there is what is called a version update, like "policy was revised on this particular date" and this is the version information, okay. We also need to add the policy exception process. For example, sometimes things go against the policies, or sometimes we have to drive some activity against the policy, so we need exception approvals, and that also needs to be tracked, and later on annually we'll see how many times this kind of exception has been generated, and if it is generated multiple times, try to amend that in the policies, okay.
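The retention-period and exception-tracking points above can be turned into a concrete check. The script below is an added example, not code from the video or from Prabh Nair: it takes a retention policy (days to keep each category of collected personal data) and a set of stored records, and reports which records have passed their retention deadline and must be deleted, which are still inside their period, which are held under a tracked exception approval, and which belong to a category the policy never defined (a gap in the policy itself). The category names, retention periods and records are constructed assumptions for the example.

```python
"""Retention-period enforcement check (added example, not code from the video).

Applies a per-category retention policy to stored personal-data records and
buckets them into delete / retain / exception / unknown_category. All category
names, retention periods and sample records are constructed assumptions.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional

# Retention periods in days per category of collected personal data.
# Assumed values for illustration; a real policy sets these from the
# business and legal requirements.
RETENTION_DAYS: Dict[str, int] = {
    "contact_form": 180,
    "newsletter": 365,
    "course_registration": 730,
    "survey": 90,
}


@dataclass(frozen=True)
class Record:
    record_id: str
    category: str
    collected_at: datetime              # timezone-aware, UTC
    exception_id: Optional[str] = None  # approved policy-exception ticket, if any


def retention_deadline(record: Record, policy: Dict[str, int] = RETENTION_DAYS) -> datetime:
    """Date after which the record may no longer be kept under the policy."""
    return record.collected_at + timedelta(days=policy[record.category])


def classify_records(records: List[Record], now: datetime,
                     policy: Dict[str, int] = RETENTION_DAYS) -> Dict[str, list]:
    """Split records into delete / retain / exception / unknown_category."""
    result: Dict[str, list] = {"delete": [], "retain": [], "exception": [], "unknown_category": []}
    for rec in records:
        if rec.category not in policy:
            # Data with no defined retention period is itself a policy gap:
            # the policy must state what is collected and for how long.
            result["unknown_category"].append(rec.record_id)
            continue
        if now < retention_deadline(rec, policy):
            result["retain"].append(rec.record_id)
        elif rec.exception_id:
            # Past the deadline but covered by an approved, tracked exception.
            result["exception"].append((rec.record_id, rec.exception_id))
        else:
            result["delete"].append(rec.record_id)
    return result


def exception_counts(records: List[Record]) -> Dict[str, int]:
    """Exceptions per category, for the annual review: a category that keeps
    needing exceptions is a sign the policy's period should be amended."""
    counts: Dict[str, int] = {}
    for rec in records:
        if rec.exception_id:
            counts[rec.category] = counts.get(rec.category, 0) + 1
    return counts


# Constructed sample data with a fixed "now" so the result is reproducible.
SAMPLE_NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE_RECORDS = [
    Record("r1", "contact_form", datetime(2023, 6, 1, tzinfo=timezone.utc)),          # 366 days old > 180
    Record("r2", "newsletter", datetime(2024, 1, 1, tzinfo=timezone.utc)),            # 152 days old < 365
    Record("r3", "survey", datetime(2024, 2, 1, tzinfo=timezone.utc), "EXC-7"),       # 121 days old > 90, excepted
    Record("r4", "legacy_export", datetime(2020, 1, 1, tzinfo=timezone.utc)),         # category not in policy
    Record("r5", "course_registration", datetime(2022, 5, 31, tzinfo=timezone.utc)),  # deadline 2024-05-30, passed
]


def run_sample() -> Dict[str, list]:
    """Classify the constructed sample records against the assumed policy."""
    return classify_records(SAMPLE_RECORDS, SAMPLE_NOW)


if __name__ == "__main__":
    for bucket, ids in run_sample().items():
        print(f"{bucket}: {ids}")
    print("exceptions per category:", exception_counts(SAMPLE_RECORDS))
```

Running it with the sample data puts r1 and r5 in the delete bucket, r2 in retain, r3 under its exception ticket, and flags r4 as an undefined category. The `unknown_category` bucket is deliberately not treated as "retain": a record the policy does not cover is the liability the talk warns about, so it should go back to the policy owner rather than sit in the database by default.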
Now the next thing, the next interview question, is: what is your understanding of data privacy and why is it important in today's world? Sometimes the interviewer wants to know your psychology behind data privacy, okay, because it is very important: until you have that state of mind to understand privacy, you cannot implement the controls. That is why my first question was also on the data privacy introduction. So how do you respond to that? See, when you're talking about it, your response is very simple. So data privacy: first of all you give the definition, like "data privacy refers to the protection of personal information from unauthorized access, use and disclosure," and then you can add some narrative here, like "in today's world, where personal information is frequently collected, shared and processed, data privacy is critical to ensure that, you know, individuals retain control over their personal data and are protected from potential harm." So this is how you can start the statement. Then you can give your observations, like why data privacy is important in today's world: first, personal data can be used for nefarious purposes, right, such as identity theft, financial fraud or stalking; that's why it's very important to have data privacy. Second, personal data can be sold to third parties who may use it to target individuals; that is what we need to protect against. And third, personal data can be used to make decisions about individuals, such as whether they are eligible for loans, insurance and all that, okay. So overall, data privacy is essential to protect individual rights, maintain trust in the institutions and businesses that collect personal information, and ensure personal data is used ethically and reasonably. So when you give this kind of narrative answer, I'm sure it builds confidence in the job.
So sometimes what happens, the interviewer also asks about your experience on data privacy risk assessment, okay, because sometimes what happens is whatever is mentioned in the book is different from what is happening in the industry, okay. So they will ask you sometimes, like, "can you walk me through your approach to performing a data privacy risk assessment?" So how do you start? Certainly, here is a general approach to perform the data privacy risk assessment.

The first is identify the scope and purpose of the assessment. The first step in a data privacy risk assessment is to clearly define the scope, okay, and the purpose of the assessment, and this includes identifying the systems, applications and data that will be included in the assessment, as well as the objective of the assessment.

Second is we need to identify the personal data; definitely, what data we have, we need to assess, okay, which includes analyzing the sensitivity of the data and the potential impact of a data breach or unauthorized disclosure.

Third, evaluating the existing controls; that's another important thing, where we're reviewing the existing policies, procedures and technical controls: are they adequate?

Then the next thing is identify the gaps: what we have and what we need to achieve, okay. So based on the assessment results we identify gaps in the current controls. For example, I did the assessment of a website and I discovered they are using SSL where TLS is required, okay; there's no multi-factor authentication where multi-factor authentication is required. So that is how I identify gaps, because a good privacy consultant doesn't mean, okay, start from scratch; when we already have some controls we need to just enhance those controls, and that is how you can save the budget also. So identify gaps and prioritize the remediations. Is it clear?

And then based on that, develop the action plan. So when I say develop an action plan, it outlines the remediation actions, timeline and responsibilities; that is the most important thing, okay. And then finally we have monitor and review, where we monitor the current controls in place. So this approach can be tailored to meet the specific needs and requirements of the organization that are applicable to the data privacy regulation.

So this is all from my side. Do let me know: shall we make more coffee shots or interview questions on data privacy? Shall I make some coffee shots on CIPP and CIPM? And how do you find this video? Do share your feedback in the comment section, because I really put a lot of hard work into making this content, and if you find this video useful and if you think this video can be useful for your friends and all that, do share it in your network and do subscribe to my channel and click on the bell icon to make sure you don't miss my future videos on a similar topic. Thank you so much, bye.